General
Target: 985f9aa8e43f37aef41907cf5bc3dfba4d61c7c59cfb35dbc4d19056ecba0b47
Size: 398KB
Sample: 210726-zkyhctvne6
MD5: c580dfe1a069263ed869a74ae50ccaa0
SHA1: 70340a4fdd599e07da0ae0ffaa139a977f28b5be
SHA256: 985f9aa8e43f37aef41907cf5bc3dfba4d61c7c59cfb35dbc4d19056ecba0b47
SHA512: 633a63f158942969f3fdfae95185855895e3ea1d5c1c7b3224970566f3b3489a7b280fe54be6cfb0dd28b36203357d00d4b135772db4c08620efed8b2aa81867
Static task: static1
Behavioral task: behavioral1
Sample: 985f9aa8e43f37aef41907cf5bc3dfba4d61c7c59cfb35dbc4d19056ecba0b47.exe
Resource: win10v20210408
Malware Config
Extracted: redline
SewPalpadin
185.215.113.114:8887
Targets
Target: 985f9aa8e43f37aef41907cf5bc3dfba4d61c7c59cfb35dbc4d19056ecba0b47
Size: 398KB
MD5: c580dfe1a069263ed869a74ae50ccaa0
SHA1: 70340a4fdd599e07da0ae0ffaa139a977f28b5be
SHA256: 985f9aa8e43f37aef41907cf5bc3dfba4d61c7c59cfb35dbc4d19056ecba0b47
SHA512: 633a63f158942969f3fdfae95185855895e3ea1d5c1c7b3224970566f3b3489a7b280fe54be6cfb0dd28b36203357d00d4b135772db4c08620efed8b2aa81867
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.